Is Your Password on This List?

A lot of people use passwords that are considered “bad,” according to the password management company SplashData. With more and more information going digital, it’s increasingly important to pick a password that can cut down on the risk of being hacked.

SplashData compiled the worst passwords of the year and estimates that nearly 10 percent of people use one of them in at least one place.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” said Morgan Slain, CEO of SplashData, Inc., in the press release. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

Here are the worst passwords of 2017:

1. 123456 (rank unchanged since 2016 list)

2.  password (unchanged)

3. 12345678 (up 1)

4. qwerty (up 2)

5. 12345 (down 2)

6. 123456789 (new)

7. letmein (new)

8. 1234567 (unchanged)

9.  football (down 4)

10. iloveyou (new)

11. admin (up 4)

12. welcome (unchanged)

13. monkey (new)

14. login (down 3)

15. abc123 (down 1)

16. starwars (new)

17. 123123 (new)

18. dragon (up 1)

19. passw0rd (down 1)

20. master (up 1)

21. hello (new)

22. freedom (new)

23. whatever (new)

24. qazwsx (new)

25. trustno1 (new)

It should be clear why many of these are bad passwords: the sequential order, the lack of different characters and more. For the romantics out there, the self-focused “loveme” has been replaced on this year’s list with “iloveyou.” Other new appearances on the list include "letmein," "monkey," “hello,” “freedom,” “whatever” and “trustno1.” One other new entry is “qazwsx” from the two leftmost alphabetical columns on standard keyboards — demonstrating the importance of avoiding simple patterns.

In its seventh annual Worst Passwords report, compiled from more than five million passwords leaked during the year, “starwars” joins the list at #16.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Slain. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Many names appeared farther down the list as well, with people often using their first name as a password. Anything that is tied directly to your identity is advised against, especially something so obvious.

SplashData provides three tips for better password choices:

  • Employ 12 characters or more. Use mixed upper and lowercase characters.
  • Use different passwords for different logins.
  • Use a password manager to organize passwords, generate random and secure passwords, and automatically log you into websites